Of course, the emails don’t really come from Lufthansa – but it’s likely that some internet users will have been duped into clicking on the attachment, even if they aren’t planning to travel anywhere, out of sheer curiosity.

The attached ZIP file contains a file called Flugsheindetails.PDF.exe, clearly named in an attempt to trick the unwary into believing it is a PDF.

Running the program installs its malicious code onto the computer, disguising itself as svchost.exe to allay the suspicions of anyone checking the list of running processes. A Registry key of SunJavaUpdateSched is also set.

Meanwhile, behind the scenes, the code has opened a backdoor on your compromised computer – allowing a third party hacker to send commands, and potentially steal information or install further malware on your computer.

Sophos products detect the ZIP file as Mal/DrodZp-A, and the EXE as Mal/EncPk-AFN.

Although German-speaking computer users are clearly the ones being targeted on this occasion, the same social engineering trick is likely to work in any language.

Everyone should be on their guard against unsolicited emails carrying strange attachments.
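A mail gateway or triage script can catch the naming trick used by this attachment before a user ever sees it. The following is an added example, not code from the original article or from Sophos: it lists ZIP members whose final extension is executable while the one before it looks like a document, and leaves legitimate compound extensions such as .tar.gz alone. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed extension lists for illustration; adjust to your own mail policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def split_name(path):
    """Return (basename, [lower-cased extensions]) for an archive member."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base, base.lower().split(".")[1:]


def is_disguised_executable(path):
    """True when the final extension is executable and the one before it is
    a document or image type, as in 'Flugsheindetails.PDF.exe'."""
    _, exts = split_name(path)
    return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS


def scan_zip(data):
    """List (member name, name as shown when Windows hides known extensions)
    for every disguised executable in a ZIP attachment given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir() and is_disguised_executable(info.filename):
                base, _ = split_name(info.filename)
                findings.append((info.filename, base.rsplit(".", 1)[0]))
    return findings


def build_sample_zip():
    """Constructed attachment: harmless placeholder bytes, names only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("Flugsheindetails.PDF.exe", "backup.tar.gz", "itinerary.pdf"):
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, shown in scan_zip(build_sample_zip()):
        print(f"BLOCK {name!r} (appears as {shown!r} with extensions hidden)")
```

The check looks only at names, so it complements content scanning and does not replace it.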

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter: <a href="https://twitter.com/gcluley">@gcluley</a>.

definitely when it ends with .exe – The problem, though, is that most of the people who would fall for that haven’t activated the option to show file extensions when their system knows the extension; this leads to the situation that a file named xyz.pdf.exe is shown only as xyz.pdf, with the .exe hidden – you see where I want to go.

Also, there are legitimate double-extension files like xyz.tar.gz.

So it would be safer, yes, but not visible at first sight for every configuration, and it also leads to false positives.